<?php
require('functions/page_load.php');

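// Page state read by the shared header and the tab containers further down.
$users_nav = true;
$active_tab = 'details';

// Status banner shown above the tabs. Only fixed markup is ever stored in it.
// isset() guard: 'new' is optional, and reading it unguarded raises an
// undefined-index notice on every normal page view.
$results = (isset($_GET['new']) && $_GET['new'] == 'true') ? '<div class="success_result">User added successfully!</div>' : '' ;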

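// Delete one row from `questions`.
// The original guard tested only 'delete_job' while the query read
// 'delete_question', so a request carrying just 'delete_job' ran the DELETE with
// an empty id. Both keys are now required; every request that previously
// deleted a row still does.
// NOTE(review): the parameter names disagree with each other and with the
// message; confirm which one the calling page actually sends.
// NOTE(review): this is a state-changing GET with no CSRF token. Assumes
// functions/page_load.php enforces the admin session; confirm.
if(isset($_GET['delete_job'], $_GET['delete_question'])){

	$sql = "DELETE FROM questions WHERE id = '".mysql_real_escape_string($_GET['delete_question'])."'";
	// NOTE(review): on failure the full SQL text and driver error are printed to the browser.
	$query = mysql_query( $sql ) or die ("Error in query: $sql. " . mysql_error());
	$results = '<div class="success_result">Question deleted successfully!</div>';
	// NOTE(review): no tab on this page has the id 'questions', so all three tab containers render hidden after this action.
	$active_tab = 'questions';

}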

// Remove a single review when ?delete_feedback=<id> is present, then reopen the
// Feedback tab with a confirmation banner.
// NOTE(review): state-changing GET with no CSRF token, and the DELETE is not
// scoped to the user named by ?id=, so any review id is accepted.
if(isset($_GET['delete_feedback'])){

	$sql = sprintf("DELETE FROM reviews WHERE id = '%s'", mysql_real_escape_string($_GET['delete_feedback']));
	$query = mysql_query( $sql );
	if(!$query){
		die ("Error in query: $sql. " . mysql_error());
	}
	$active_tab = 'feedback';
	$results = '<div class="success_result">Feedback deleted successfully!</div>';

}

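// Activate or deactivate one job. 'active' selects the new flag value and
// 'job_id' names the row; afterwards the Jobs tab is reopened.
// NOTE(review): state-changing GET with no CSRF token, and the UPDATE is not
// scoped to the user named by ?id=.
if(isset($_GET['active']) && isset($_GET['job_id'])){

	// Anything other than the literal 'activate' deactivates the job.
	$active = ($_GET['active'] == 'activate') ? '1' : '0' ;
	// job_id was concatenated into the statement raw (SQL injection). It is now
	// escaped the same way as every other request value in this file.
	$sql = "UPDATE jobs SET job_active = '".$active."' WHERE id = '".mysql_real_escape_string($_GET['job_id'])."'";
	// NOTE(review): on failure the full SQL text and driver error are printed to the browser.
	$query = mysql_query( $sql ) or die ("Error in query: $sql. " . mysql_error());
	$results = '<div class="success_result">Job updated successfully!</div>';
	$active_tab = 'jobs';

}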

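// Handle the "update_user" form post: rewrite the users row named by ?id= and
// the addresses row named by the posted address_id, then set the success banner.
// NOTE(review): no CSRF token is checked before these writes.
if($_SERVER['REQUEST_METHOD'] == 'POST'){

	if(isset($_POST['action']) && $_POST['action'] == 'update_user'){

		// SQL fragment for the optional password change. Always defined, so the
		// UPDATE below is well-formed whether or not a password was posted.
		$password_update = '';

		if(isset($_POST['password']) && strlen($_POST['password']) > 0){

			// $encryption_salt is not defined in this file; presumably it comes from functions/page_load.php.
			// NOTE(review): salted MD5 is a fast hash and unsuitable for password
			// storage. Moving to password_hash()/password_verify() needs a matching
			// change in the login code, which is not visible here, so the scheme is
			// left as it is.
			$encrypt1 = base64_encode($_POST['password'].'_'.$encryption_salt);
			$encrypt2 = md5($encrypt1.'_'.$_POST['email'].'_'.$encryption_salt);
			// Trailing comma added: without it the fragment ran straight into
			// "newsletter = ..." and the UPDATE failed whenever a password was set.
			$password_update = "password = '".$encrypt2."',";

		}

		//Change By Vyas Ishan 14 May 2013 Task 1
		// NOTE(review): the surname input is commented out in the form on this
		// page, so a save from that form writes an empty surname. Confirm that is
		// intended.
		$surName = '';
		if (array_key_exists('surname',$_POST)) {
			$surName = mysql_real_escape_string($_POST['surname']);
		}

		// An unticked checkbox is not submitted at all; store '' in that case (as before) without reading a missing key.
		$newsletter = isset($_POST['newsletter']) ? mysql_real_escape_string($_POST['newsletter']) : '';

		$sql = "UPDATE users SET 
				firstname = '".mysql_real_escape_string($_POST['firstname'])."', 
				surname = '".$surName."', 
				telephone = '".mysql_real_escape_string($_POST['telephone'])."', 
				mobile = '".mysql_real_escape_string($_POST['mobile'])."', 
				email = '".mysql_real_escape_string($_POST['email'])."', 
				".$password_update."
				newsletter = '".$newsletter."'
				WHERE id = '".mysql_real_escape_string($_GET['id'])."'";
		// NOTE(review): on failure the full SQL text and driver error are printed to the browser.
		$query = mysql_query( $sql ) or die ("Error in query: $sql. " . mysql_error());

		// update address
		// NOTE(review): address_id arrives in a hidden form field, so the row
		// updated here is whichever one the request names. Deriving it from
		// users.address_id for ?id= would tie the write to the user being edited.
		$sql = "UPDATE addresses SET 
				area_id = '".mysql_real_escape_string($_POST['area_id'])."', 
				line_1 = '".mysql_real_escape_string($_POST['line_1'])."', 
				line_2 = '".mysql_real_escape_string($_POST['line_2'])."', 
				line_3 = '".mysql_real_escape_string($_POST['line_3'])."', 
				postcode = '".mysql_real_escape_string($_POST['postcode'])."' 
				WHERE id = '".mysql_real_escape_string($_POST['address_id'])."'";
		$query = mysql_query( $sql ) or die ("Error in query: $sql. " . mysql_error());

		$results = '<div class="success_result">User updated successfully!</div>';

	}

}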

// Load the user being edited, with their address joined in, into $rs for the
// Details form. $rs is false when no row matches ?id=.
// NOTE(review): the password column is selected but not used in the visible
// part of this page. Dropping it would keep the hash out of this script.
$sql = sprintf("SELECT firstname, surname, telephone, mobile, email, password, users.address_id, newsletter, area_id, line_1, line_2, line_3, postcode FROM users  
		LEFT JOIN addresses ON users.address_id = addresses.id 
		WHERE users.id = '%s'", mysql_real_escape_string($_GET['id']));
$query = mysql_query( $sql );
if(!$query){
	// NOTE(review): prints the full SQL text and driver error to the browser.
	die ("Error in query: $sql. " . mysql_error());
}
$rs = mysql_fetch_assoc($query);

require('includes/header.php');
?>

<div class="side_container">
<h2 class="container_header">Filters</h2>

<ul>
<li><a href="users.php">Active users</a></li>
<li><a href="users.php?show=banned">Banned users</a></li>
</ul>

</div>

<div class="main_container_wrapper">

	<div class="main_container">
	<h2 class="container_header">Edit User</h2>
	
	<div id="top_links">
	<a class="tab_link" rel="#feedback" style="background-image: url(images/star.png); padding-left: 20px;">Feedback</a>
	<a class="tab_link" rel="#jobs" style="background-image: url(images/tradesman.png); padding-left: 20px;">Jobs</a>
	<a class="tab_link" rel="#details" style="background-image: url(images/page.png); padding-left: 20px;">Users details</a>
	<a href="users.php" style="background-image: url(images/back.png); padding-left: 20px;">Back to Users</a>
	</div>
	
	<?php /* $results is only ever assigned fixed status markup in the visible part of this file (never request data), so it is echoed unescaped. */ echo $results; ?>
	
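		<?php
		/*
		 * Details tab: edit form for the user row loaded into $rs.
		 * Every database value is passed through htmlspecialchars() before it is
		 * written into an attribute or option label. The fields were previously
		 * echoed raw, so stored markup in a name, address or area would execute
		 * in the admin's browser. ENT_QUOTES is used because the values sit inside
		 * quoted attributes. The charset is left at PHP's default;
		 * NOTE(review): confirm it matches the page and database encoding.
		 * NOTE(review): the form carries no CSRF token.
		 */
		?>
		<div id="details" class="tab_container"<?php echo ($active_tab == 'details') ? ' style="display: block;"' : ' style="display: none;"' ; ?>>
		
			<form method="post" action="">
			
			<input type="hidden" name="action" value="update_user" />
			<input type="hidden" name="address_id" value="<?php echo htmlspecialchars($rs['address_id'], ENT_QUOTES); ?>" />

			<!-- user details -->
			
			<div class="form_row_wrapper">
			<div class="form_row_left"><label for="firstname">First name:</label></div>
			<div class="form_row_right"><input type="text" name="firstname" id="firstname" class="textbox" value="<?php echo htmlspecialchars($rs['firstname'], ENT_QUOTES); ?>" /></div>
			</div>
			
			<?php /* //Change By Vyas Ishan 14 May 2013 Task1?>
			<div class="form_row_wrapper">
			<div class="form_row_left"><label for="surname">Surname:</label></div>
			<div class="form_row_right"><input type="text" name="surname" id="surname" class="textbox" value="<?php echo $rs['surname']; ?>" /></div>
			</div>
			<?php */?>
			
			<div class="form_row_wrapper">
			<div class="form_row_left"><label for="telephone">Telephone:</label></div>
			<div class="form_row_right"><input type="text" name="telephone" id="telephone" class="textbox" value="<?php echo htmlspecialchars($rs['telephone'], ENT_QUOTES); ?>" /></div>
			</div>
			
			<div class="form_row_wrapper">
			<div class="form_row_left"><label for="mobile">Mobile:</label></div>
			<div class="form_row_right"><input type="text" name="mobile" id="mobile" class="textbox" value="<?php echo htmlspecialchars($rs['mobile'], ENT_QUOTES); ?>" /></div>
			</div>
			
			<div class="form_row_wrapper">
			<div class="form_row_left"><label for="email">Email:</label></div>
			<div class="form_row_right"><input type="text" name="email" id="email" class="textbox" value="<?php echo htmlspecialchars($rs['email'], ENT_QUOTES); ?>" /><br /><span class="clearLeft">Changing the email address will require the user to reset their password when logging in if you dont set one below.</span></div>
			</div>
			
			<div class="form_row_wrapper">
			<div class="form_row_left"><label for="password">Password:</label></div>
			<div class="form_row_right"><input type="text" name="password" id="password" class="textbox" value="" /><br /><span class="clearLeft">Only enter a password here if you would like to change it.</span></div>
			</div>
			
			<div class="form_row_wrapper">
			<div class="form_row_left"><label for="newsletter">Newsletter:</label></div>
			<div class="form_row_right"><input type="checkbox" name="newsletter" id="newsletter" value="1"<?php echo ($rs['newsletter'] == '1') ? ' checked="checked"' : '' ; ?> /></div>
			</div>
			
			<!-- address details -->
	
			<div class="form_row_wrapper">
			<div class="form_row_left"><label for="line_1">Address:</label></div>
			<div class="form_row_right"><span>Editing this address, will edit the users address throughout the system.</span><br />
			<input type="text" name="line_1" id="line_1" class="textbox" value="<?php echo htmlspecialchars($rs['line_1'], ENT_QUOTES); ?>" />
			<input type="text" name="line_2" id="line_2" class="textbox" value="<?php echo htmlspecialchars($rs['line_2'], ENT_QUOTES); ?>" />
			<input type="text" name="line_3" id="line_3" class="textbox" value="<?php echo htmlspecialchars($rs['line_3'], ENT_QUOTES); ?>" />
			<select name="area_id" id="area_id" style="margin-top: 5px;" class="textbox clearLeft">
			<?php
			
			// One <option> per area, pre-selecting the user's current area.
			$sql = "SELECT id, area FROM areas ORDER BY area";
			$area_query = mysql_query( $sql ) or die ("Error in query: $sql. " . mysql_error());
			while($area_rs = mysql_fetch_assoc($area_query)){
			
			$selected = ($area_rs['id'] == $rs['area_id']) ? ' selected="selected"' : '' ;
			echo '<option value="'.htmlspecialchars($area_rs['id'], ENT_QUOTES).'"'.$selected.'>'.htmlspecialchars($area_rs['area'], ENT_QUOTES).'</option>';
			
			}
			
			?></select>
			<input type="text" name="postcode" id="postcode" class="textbox clearLeft" value="<?php echo htmlspecialchars($rs['postcode'], ENT_QUOTES); ?>" style="width: 80px;" />
			</div>
			</div>
			
	
			<div class="form_row_wrapper">
			<div class="form_row_left">&nbsp;</div>
			<div class="form_row_right"><input type="image" src="images/save_button.png" alt="Save" /></div>
			</div>
			
			</form>
		
		</div>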
		

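		<?php
		/*
		 * Jobs tab: lists the jobs owned by the user in ?id= with a toggle link
		 * per row. ?id= was echoed raw into two href attributes (reflected XSS) and
		 * the title, trade and status columns were printed unescaped (stored XSS).
		 * URL parameters now go through rawurlencode() and text cells through
		 * htmlspecialchars().
		 * NOTE(review): the activate/deactivate link changes state via GET with no
		 * CSRF token.
		 */
		?>
		<div id="jobs" class="tab_container"<?php echo ($active_tab == 'jobs') ? ' style="display: block;"' : ' style="display: none;"' ; ?>>
		
		<a href="add_job.php?user_id=<?php echo rawurlencode($_GET['id']); ?>" class="create_button">Create new Job</a>
		
		<table width="100%" cellpadding="0" cellspacing="0" class="cms_table">
		<thead><tr><th align="left">Job</th><th align="left">Trade</th><th>Status</th><th>Date</th><th>Activate/Deactivate</th></tr></thead>
		<tbody>
		<?php
		
		$sql = "SELECT jobs.id, title, trade, date_added, job_active, status FROM jobs
				LEFT JOIN trades ON jobs.trade_id = trades.id 
				WHERE user_id = '".mysql_real_escape_string($_GET['id'])."'";
		$query=mysql_query( $sql ) or die ("Error in query: $sql . " . mysql_error());
		$rows = mysql_num_rows($query);
		
		if($rows > 0){
		
			// Note: this loop reuses $rs, overwriting the user row loaded for the Details tab.
			while($rs=mysql_fetch_assoc($query)){
			
			// Link text and action are the opposite of the job's current state; both are fixed strings.
			$activate = ($rs['job_active'] == '1') ? 'deactivate' : 'activate' ;
			
			echo '<tr><td align="left" valign="top"><a href="edit_job.php?id='.rawurlencode($rs['id']).'">'.htmlspecialchars($rs['title'], ENT_QUOTES).'</a></td><td align="left">'.htmlspecialchars($rs['trade'], ENT_QUOTES).'</td><td>'.htmlspecialchars($rs['status'], ENT_QUOTES).'</td><td>'.date("d/m/Y", strtotime($rs['date_added'])).'</td><td valign="top"><a href="?id='.rawurlencode($_GET['id']).'&amp;active='.$activate.'&amp;job_id='.rawurlencode($rs['id']).'">'.$activate.'</a></td></tr>';
			
			}
			
		}
		
		else{
		
		echo '<tr><td colspan="6">There are currently no jobs for this user.</td></tr>';
		
		}
		
		?>
		
		</tbody></table>
		
		</div>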
		
		
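		<?php
		/*
		 * Feedback tab: lists reviews written by the user in ?id= with a delete
		 * control per row. Review text, company name and job title are stored
		 * values and were printed raw (stored XSS); ?id= was echoed raw into an
		 * inline onclick handler (reflected XSS). Text cells are now escaped with
		 * htmlspecialchars(), and URL parts with rawurlencode(), whose output
		 * contains no quote or angle-bracket characters and is therefore also safe
		 * inside the single-quoted JavaScript string.
		 * NOTE(review): the delete link changes state via GET with no CSRF token.
		 */
		?>
		<div id="feedback" class="tab_container"<?php echo ($active_tab == 'feedback') ? ' style="display: block;"' : ' style="display: none;"' ; ?>>
		
		<table width="100%" cellpadding="0" cellspacing="0" class="cms_table">
		<thead><tr><th align="left">Tradesman</th><th align="left">Job</th><th align="left">Review</th><th>Rating</th><th>Date</th><th width="50">Delete</th></tr></thead>
		<tbody>
		<?php
		
		$sql = "SELECT reviews.id, reviews.job_id, reviews.tradesman_id, rating, review, date_reviewed, tradesman.company_name, jobs.title FROM reviews 
				LEFT JOIN jobs ON reviews.job_id = jobs.id 
				LEFT JOIN tradesman ON reviews.tradesman_id = tradesman.id 
				WHERE reviews.user_id = '".mysql_real_escape_string($_GET['id'])."'";
		$query=mysql_query( $sql ) or die ("Error in query: $sql . " . mysql_error());
		$rows = mysql_num_rows($query);
		
		if($rows > 0){
		
			while($rs=mysql_fetch_assoc($query)){
			
			// Escape first, then turn line breaks into <br /> so only our own tag survives.
			echo '<tr><td align="left" valign="top"><a href="edit_tradesman.php?id='.rawurlencode($rs['tradesman_id']).'">'.htmlspecialchars($rs['company_name'], ENT_QUOTES).'</a></td><td align="left" valign="top"><a href="edit_job.php?id='.rawurlencode($rs['job_id']).'">'.htmlspecialchars($rs['title'], ENT_QUOTES).'</a></td><td align="left" valign="top">'.str_replace("\r\n", "<br />", htmlspecialchars($rs['review'], ENT_QUOTES)).'</td><td valign="top"><img src="/images/'.rawurlencode($rs['rating']).'-star.gif" alt="" /></td><td valign="top">'.date("d/m/Y", strtotime($rs['date_reviewed'])).'</td><td valign="top"><a onclick="confirm_delete(\'?id='.rawurlencode($_GET['id']).'&amp;delete_feedback='.rawurlencode($rs['id']).'\',\'this feedback\');" title="Delete"><img src="images/delete.png" alt="Delete" /></a></td></tr>';
			
			}
			
		}
		
		else{
		
		echo '<tr><td colspan="6">There is currently no feedback from this user.</td></tr>';
		
		}
		
		?>
		
		</tbody></table>
		
		</div>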
		
		

	</div>

</div>
	
<?php
	require('includes/footer.php');
?>